Outgoing SMTP STARTTLS / SASL CRAM-MD5 authentication failure

[andrewilley]

Sometime over the past few months, authentication for SMTP sending on one of my email accounts stopped working. Incoming POP3 mail is still fine. I don't send much from this account on my phone so I can't be much more specific on the timeline, sorry.

Outgoing SMTP mail on server mail.cix.co.uk was set to use STARTTLS (Strict Check), port 587, Authentication chosen automatically. This worked fine until recently, but now I get "Authentication Error: 535, authentication failed (#5.7.1)" when sending or testing with that account.

If I set Authentication manually to "SASL CRAM-MD5" I get the same error, but dropping down to "SASL LOGIN" seems to work OK. I'm using that for now, but not sure whether that's as secure or not?

I can provide a logfile if that would help.

Andre

[andrewilley]

No thoughts on this problem anyone, as I say it worked fine a while ago?

Or am I OK simply leaving it set to "SASL LOGIN"? I'm not sure which mode is meant to be the more secure.

Andre

[Kostya Vasilyev]

AquaMail's SMTP has always supported CRAM-MD5 (and implemented for IMAP in 1.3).

CRAM-MD5 is the most secure, and will be chosen by my code in "automatic" security mode -- when the server advertises support this mode.

CRAM-MD5 is also the one that's most often advertised by servers, but does not work.

That it worked before and stopped working means that, again, something's changed on the server.

SASL LOGIN / SASL PLAIN are, in theory, less secure because they require the actual password to be transmitted, but with STARTTLS / SSL, there really is no practical difference.